Modern storage volumes, such as solid state drives, conventional disk drives, or the like, may include the ability to “self-encrypt.” In general, a self-encrypting drive (SED) is a storage volume (or drive) that encrypts and decrypts data on the volume. In particular, SEDs typically encrypt all the data (all the user data, or the like) on the drive. As such, when the drive is powered on, access credentials are used to “unlock” or decrypt the data. More particularly, during operation, the data is decrypted on the fly. Accordingly, when the drive is powered off, the data remains “locked” or encrypted so that unauthorized access to the data can be minimized. In general, SEDs include circuitry to receive access credentials, decrypt the contents of the drive using the access credentials, and encrypt the contents of the drive upon shut down.
Many modern computing devices include a number of low power states, for example, sleep, hibernate, or the like. With some low power states, for example, sleep (or S3), large portions of the system are powered off while other portions (e.g., DRAM, or the like) are placed in a self-refresh mode such that waking or resuming activity from the low power state is faster. In such states, the SED is typically powered off. As such, the contents of the SED are encrypted and, upon waking, a user must reenter their credentials to access the drive.
With some computing systems, to maintain the user experience and functionality, the access credentials for the SED are cached (e.g., in the self-refreshing DRAM, or the like) so that they can be reused upon resuming activity from a sleep state. However, this may introduce security vulnerabilities, as the access credentials can be captured when they are reused. For example, the access credentials may be captured by a protocol analyzer, by execution of malware, or even by moving the DRAM to another system to recover them.
It is with respect to these and other considerations that the embodiments described herein are needed.